FBI’s Advice on Ransomware? Just Pay The Ransom.

FBI Boston’s Joseph Bonavolonta said that paying the ransom is often the easiest path out of ransomware infections.

In-brief: The nation’s top law enforcement agency is warning companies that they may not be able to get their data back from cyber criminals who use Cryptolocker, Cryptowall and other malware without paying a ransom.

The FBI wants companies to know that the Bureau is there for them if they are hacked. But if that hack involves Cryptolocker, Cryptowall or other forms of ransomware, the nation’s top law enforcement agency is warning companies that they may not be able to get their data back without paying a ransom.

“The ransomware is that good,” said Joseph Bonavolonta, the Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program in its Boston office. “To be honest, we often advise people just to pay the ransom.”

Bonavolonta was addressing a gathering of business and technology leaders at the Cyber Security Summit 2015 on Wednesday at Boston’s Back Bay Events Center. He was referring to ransomware programs like Cryptolocker, Cryptowall, Reveton and other malicious programs that encrypt the files on a victim’s hard drive, as well as files in any other directory (such as a network share) accessible from the infected system. The owner is then asked to pay a ransom – often hundreds of dollars – for the key needed to decrypt the data.

FBI Boston’s Joseph Bonavolonta addresses the Cyber Security Summit on October 21st. Bonavolonta said that paying the ransom is often the easiest path out of ransomware infections. (Photo courtesy of FBI.)

The FBI issued a notice in June which identified CryptoWall as the most common form of ransomware affecting individuals and businesses in the US. The Bureau said it had received 992 complaints related to CryptoWall between April 2014 and June 2015, with losses totaling $18 million. The notice advised victims of ransomware to contact their local FBI field office.

Bonavolonta echoed that advice in his remarks on Wednesday, but also cautioned that the Bureau may not be able to recover encrypted data from the ransomware authors, who use encryption strong enough that, without the key, the data cannot be unlocked in practice.

“The easiest thing may be to just pay the ransom,” said Bonavolonta, who added that efforts by the Bureau and others to defeat the encryption used by the malware had not borne fruit. “The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”

In one respect the malware’s success works to victims’ advantage: because so many people pay, the authors have little incentive to wring extra profit out of any single victim, which keeps ransoms low. And most ransomware operators are as good as their word, Bonavolonta said. “You do get your access back.”

Still, Bonavolonta said that organizations with procedures in place for regularly backing up their data can avoid paying a ransom at all, by restoring the infected system to its state before the infection. Because the malware also encrypts any directory reachable from the infected machine, that only works if the backup copy is kept somewhere the infected system cannot write to.
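The mechanics behind Bonavolonta’s advice, as an added example that is not part of the article: a file overwritten with ciphertext is indistinguishable from random bytes, which is why nobody can hand the data back without the key, so the defender’s realistic options are to notice the damage quickly and restore from a copy the malware could not reach. The script below is illustrative code written for this page, not anything from the FBI or from a real malware family: the “ransomware” is a stand-in (a SHA-256 keystream, not the cipher any actual family uses), the file names and contents are constructed, and the 7.5 bits-per-byte cutoff is an assumed threshold.

```python
"""Added example: spot ransomware-style encryption and verify a restore.
Everything here is constructed for illustration; nothing is from the article."""
import hashlib
import math
import os
import shutil
import tempfile
from collections import Counter

# Assumed cutoff: plain documents sit well below this; ciphertext sits near 8.0.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty/constant data, about 8.0 for random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> dict:
    """Relative path -> SHA-256, recorded when the backup is taken and kept with it."""
    manifest = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_against_manifest(root: str, manifest: dict) -> list:
    """Relative paths that are missing or whose content no longer matches."""
    bad = []
    for rel, digest in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.exists(full) or sha256_file(full) != digest:
            bad.append(rel)
    return sorted(bad)


def find_encrypted_files(root: str, threshold: float = ENTROPY_THRESHOLD) -> list:
    """Relative paths of files whose first 64 KiB look like ciphertext."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                if shannon_entropy(f.read(1 << 16)) >= threshold:
                    hits.append(os.path.relpath(full, root))
    return sorted(hits)


def simulate_ransomware(root: str, key: bytes) -> None:
    """Stand-in for the malware (simulation, not any real family's cipher):
    XOR every file with a SHA-256 counter-mode keystream and rename it."""
    for dirpath, _, names in os.walk(root):
        for name in list(names):
            full = os.path.join(dirpath, name)
            with open(full, "rb") as f:
                plain = f.read()
            blocks = (len(plain) + 31) // 32
            stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                              for i in range(blocks))
            with open(full, "wb") as f:
                f.write(bytes(p ^ k for p, k in zip(plain, stream)))
            os.rename(full, full + ".encrypted")


def run_demo() -> dict:
    """Build a small share, back it up, hit it with the simulation, detect, restore."""
    work = tempfile.mkdtemp()
    live, backup = os.path.join(work, "share"), os.path.join(work, "backup")
    os.makedirs(os.path.join(live, "finance"))
    samples = {  # constructed documents; low entropy like real text
        "finance/q3_report.txt": ("Quarterly revenue was flat; costs rose 4 percent. " * 200).encode(),
        "notes.txt": ("Remember to rotate the backup tapes on Friday.\n" * 300).encode(),
    }
    for rel, body in samples.items():
        with open(os.path.join(live, rel), "wb") as f:
            f.write(body)
    shutil.copytree(live, backup)               # the copy the malware cannot reach
    manifest = build_manifest(backup)

    before = find_encrypted_files(live)         # []
    simulate_ransomware(live, key=b"attacker-held-key")
    after = find_encrypted_files(live)          # both files, now renamed
    damaged = verify_against_manifest(live, manifest)   # originals gone
    shutil.rmtree(live)
    shutil.copytree(backup, live)               # restore from the offline copy
    restored_ok = verify_against_manifest(live, manifest) == []
    shutil.rmtree(work)
    return {"before": before, "after": after, "damaged": damaged, "restored_ok": restored_ok}


if __name__ == "__main__":
    print(run_demo())
```

Two practical notes on the design: the manifest has to live with the offline copy, or the malware will encrypt it along with everything else and the restore cannot be verified; and entropy alone also flags legitimate compressed or encrypted archives, so in production pair the check with the extension change and the burst of renames rather than trusting the number by itself.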

And the FBI still wants to hear about ransomware infections, even from firms that pay the criminals off. “Do we want you to call the FBI? Yes,” said Bonavolonta. The FBI has been collecting information on ransomware scams and wants to be able to keep abreast of how the scams are evolving.

I’ve dealt with this kind of encryption scam several times in the past couple of years. There is a way to decrypt the files and get all the data back. I have experimented with it. Again, it’s wise to have a backup, in case you fail at decryption. 🙂

People…think about this. Unless you absolutely cannot afford to lose your data, do not give in to these scum-runners. And if you absolutely cannot afford to lose your data, you should be buying Carbonite, Crashplan, or some other form of backup, preferably on and offsite, but if you can only afford one, a basic subscription offsite. If you can’t do without it, then you should ask yourself -what if a fire, flood, theft, etc. took my computer and data away from me?

The FBI should be making clear to people that giving in is the last resort. If people stop paying off these frauds, they’ll stop doing it because it won’t be profitable. And as Eastern European organized crime is often responsible, this money won’t go to fund other not-so-pleasant things.

The FBI should be telling people to dump the Windows OS! How long will we continue to suffer the Stockholm syndrome with bad Microsoft software? Other operating systems/computer ecosystems have shown much greater security. Cryptolocker and Cryptowall are hideous Windows infections.

The worst Mac OS ransomware infection so far was a JavaScript page that fooled you into thinking your computer was locked, but it wasn’t. Easily deleted and fixed. There has never been ransomware in the wild for iOS. Other OSes, while not having as stellar a record as Apple’s OSes, still have greatly improved track records over Windows. Dump Windows! Keep your hardware, but dump Windows.

1) – You can’t keep your hardware, but dump Windows if you wish to adopt an Apple OS; it would completely violate Apple’s licensing policies
2) – You’re blaming an operating system, when you should be blaming the scum that are doing this.
3) – Just because this hasn’t been done on Linux or Mac OS X doesn’t mean it couldn’t be done. Both have encryption technologies available. It just isn’t profitable to do so at this time. Should the market share of either increase drastically, and the market share of Windows decrease in proportion, it is a guarantee you’ll see this happen. Not a possibility, a guarantee.

This should not be about blaming an operating system; it should be about ensuring that, no matter which operating system, people are taught to back up everything for disaster recovery. If one’s house burns down and their computer is melted to slag, Linux isn’t to blame. If a hard disk fails, it’s not the fault of OS X. We need to treat this as a disaster-recovery opportunity, not a chance to blame an OS, and we need to use all forensic tools at our disposal to go after the scum doing this to people, because in the end, the criminals are responsible.